This article was previously published under Q318246
This article has been archived. It is offered "as is" and will no longer be updated.
After you apply Exchange 2000 Service Pack 2 (SP2), users who are members of universal security groups may not be able to gain access to public folders on Exchange 2000 Server. Such users may receive the following error message:
Unable to display the folder. You do not have sufficient permission to perform this operation on the object.
These users receive this error message even though the universal security group has been granted permissions on the public folder.
Only users with accounts that are located in a mixed mode Microsoft Windows 2000 domain who are also members of a universal security group that is located in a native mode Windows 2000 domain are affected by this problem. This problem may occur if the mixed mode domain accounts are attempting to gain access to public folders that are located on an Exchange 2000 server in the native mode domain. The Microsoft Windows NT Security Identifier (SID) information for the universal security group is not added to the account token of the user in a mixed mode Windows 2000 domain when the user attempts to gain access to the public folders.
To resolve this problem, obtain the latest service pack for Microsoft Exchange 2000 Server. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
301378 XGEN: How to Obtain the Latest Exchange 2000 Server Service Pack
To work around this problem, grant the user accounts in the mixed mode domain explicit rights to the public folders; if you do so, the accounts are allowed access to the public folders. The accounts are only denied access if they are members of a universal security group that has permissions on the public folders.
Microsoft has confirmed that this is a problem in Microsoft Exchange 2000 Server. This problem was first corrected in Microsoft Exchange 2000 Server Service Pack 3.
For additional information about token creation, click the article number below to view the article in the Microsoft Knowledge Base:
216970 Global Catalog Server Requirement for User and Computer Logon